Вы находитесь на странице: 1из 4


Clarity auditing standards

To enhance the application of auditing standards in exam questions,
candidates must familiarise themselves with the clarity auditing standards.
The International Auditing and Assurance Standards Board (IAASB) has
completed its comprehensive project to enhance the clarity of all of its
International Standards on Auditing (ISAs) in 2009 for improving
understandability of auditing standards, and all the new clarity auditing
standards are now examinable. This also affects the Hong Kong Standards on
Auditing (HKSAs).

The full set of clarity auditing standards features 39 documents, which include:
• a new International/Hong Kong Standard on Auditing on communicating
deficiencies in internal control – ISA/HKSA 265 (Clarified), Communicating
Deficiencies in Internal Control to those Charged with Governance and
• 35 clarity ISAs/HKSAs
• a clarified international/Hong Kong standard on quality control – ISQC 1/
HKSQC 1, Quality Controls for Firms that Perform Audits and Reviews of
Financial Statements, and Other Assurance and Related Services Engagements
• a revised glossary of terms
• a revised preface to the International/Hong Kong Standards on Quality
Control, Auditing, Review, Other Assurance and Related Services.

ISA/HKSA 265 (Clarified), Communicating Deficiencies in Internal

Control to those Charged with Governance and Management
Among the clarified auditing standards, ISA/HKSA 265 (Clarified) is a
completely new standard.

It deals with the auditor’s responsibility to communicate appropriately to those

charged with governance and management deficiencies in internal control that
the auditor has identified in an audit of financial statements.

When auditors plan for an audit, they are required to perform risk assessment
through understanding internal controls, and also test for the appropriateness
of design of internal controls and whether they are implemented. When control
reliance strategy is adopted, auditors are required to perform tests of controls
to gather audit evidence on the operating effectiveness of controls.

During both processes, auditors might identify deficiencies in internal controls.

In accordance with ISA/HKSA 265 (Clarified), ‘deficiency’ exists when ‘a
control is designed, implemented or operated in such a way that it is unable to
prevent, or detect and correct, misstatements in financial statements on a
timely basis; or a control necessary to prevent, or detect and correct
misstatements in the financial statements on a timely basis is missing’. It is
equivalent to a deviation from an internal control.

© 2011 ACCA


APRIL 2011

It is common in practice and in exam questions to identify and explain

deficiencies in internal control systems. An example is Question 3(b) of Paper
F8 in the June 2010 exam session. Candidates were required to identify and
explain deficiencies in the cash cycle of a window cleaning company, suggest
controls to address each of these deficiencies, and list tests of controls the
auditor would perform to assess if the controls were operating effectively.

If the deficiency is significant, it is known as ‘significant deficiency’. It is ‘a

deficiency or combination of deficiencies in internal control that, in the
auditor’s professional judgment, is of sufficient importance to merit the
attention of those charged with governance’. It depends not only on whether a
misstatement has actually occurred, but also on the likelihood that a
misstatement could occur and the potential magnitude of the misstatement.
Significant deficiencies may therefore exist even though the auditor has not
identified misstatements during the audit.

Consideration points should include:

• the likelihood of the deficiencies leading to material misstatements in the
financial statements in the future
• the susceptibility to loss or fraud of the related asset or liability
• the subjectivity and complexity of determining estimated amounts, such as
fair value accounting estimates
• the financial statement amounts exposed to the deficiencies
• the volume of activity that has occurred or could occur in the account
balance or class of transactions exposed to the deficiency or deficiencies
• the importance of the controls to the financial reporting process
• the cause and frequency of the exceptions detected as a result of the
deficiencies in the controls
• the interaction of the deficiency with other deficiencies in internal control.

When you found the following indicators in real practice or exam questions,
this would indicate significant deficiencies. These include:
• evidence of ineffective aspects of the control environment, such as
management fraud not mitigated by internal controls, not sufficient
oversight of significant management interests by those charged with
governance, and no implementation of remedial actions against significant
deficiencies communicated
• absence or inefficiency of a risk assessment process
• evidence of ineffective responses to identified significant risks
• misstatements detected by the auditor’s procedures, which were not
prevented, detected and corrected by the internal controls
• restatement of previously issued financial statements to reflect the
correction of a material misstatement due to error or fraud
• evidence of management’s inability to oversee the preparation of the
financial statements.

© 2011 ACCA


APRIL 2011

In response to significant deficiencies in internal control identified during the

audit, the auditor will communicate in writing the significant deficiencies to
those charged with governance on a timely basis. For the communication, this
would include a description of the deficiencies, an explanation of their potential
effects, and sufficient information to enable those charged with governance
and management to understand the context of the communication.
In terms of the sufficiency of the details of communication, the consideration
factors include:
• the nature of the entity – more details for public interest entities than
non-public interest entities
• the size and complexity of the entity – more details for larger and more
complex entities
• the nature of significant deficiencies that the auditor has identified – more
details for those involving integrity of management and fraud
• the entity’s governance composition – more details for inexperienced
governance members
• legal or regulatory requirements regarding the communication of specific
types of deficiency in internal control

Evaluation of misstatements
As well as deficiencies in internal controls, misstatements may also be
detected during an audit. ISA/HKSA 450 (Clarified), Evaluation of Misstatements
Identified During the Audit is actually a new separate standard as well. This
highlights the importance of focusing on the deficiencies/misstatements
during the audit, which is a common consideration for a risk-based approach.

ISA/HKSA 450 (Clarified) deals with the auditor’s responsibility to evaluate the
effect of identified misstatements on the audit and of uncorrected
misstatements, if any, on the financial statements. ‘Misstatement’ is defined
as ‘a difference between the amount, classification, presentation, or disclosure
of a reported financial statement item and the amount, classification,
presentation, or disclosure that is required for the item to be in accordance
with the applicable financial reporting framework. Misstatement can arise from
error or fraud.’ This also relates to those that require adjustments for issuing a
true and fair view on the financial statements.

For these kind of identified misstatements, the auditor should determine

whether the nature and the circumstances of their occurrence indicate the
existence of other misstatements, which could be material individually or in
aggregate. These misstatements should be communicated to the appropriate
level of management on a timely basis.

The auditor should also consider whether there is a need to revise the audit
strategy and audit plan – especially when those areas are confirmed to have
appropriate design, implementation and effective operation of controls, now
there are identified misstatements. Does the initial conclusion need to be

© 2011 ACCA


APRIL 2011

reconsidered? This would definitely affect the risk assessment, audit strategy
and audit plan.

‘Uncorrected misstatements’ are the ‘misstatements that the auditor has

accumulated during the audit that have not been corrected’. Before evaluating
the effect of the uncorrected misstatements, the auditor should confirm
whether the materiality still remains appropriate. Afterwards, the auditor will
determine the uncorrected misstatements are material individually or in
aggregate. The auditor will consider:
• the size and nature of the misstatements, and the particular circumstances
of the occurrence
• the effect of uncorrected misstatements related to the prior periods.

The auditor will communicate the uncorrected misstatements and their

implication on the auditor’s report to those charged with governance. The
auditor will also request a written representation (including a summary of
uncorrected misstatements) from management and – where appropriate –
those charged with governance as to whether they believe the effects of
uncorrected misstatements are immaterial, individually and in aggregate to the
financial statements as a whole.

To summarise, candidates need to update their auditing knowledge,
understand them and apply them in the exam questions.

As stated by the Paper P7 examiner: ‘A significant proportion of candidates

continue to produce answers that are simply too vague or too brief, do not
actually answer the question requirements, and display inadequate technical
knowledge of the clarified ISAs (HKSAs). These candidates are encouraged to
improve their exam technique, as well as knowledge of the syllabus, by
practising as many past exam questions as possible, using up-to-date study
materials, and by taking on board the comments made in examiner’s articles
and reports.’

Allan Lee FCCA is director of Allan Lee Professional Solutions Ltd and co-
chairman of ACCA Hong Kong’s Student Affairs Subcommittee
This article was originally written for ACCA Hong Kong Student News Update
magazine, Winter 2010 issue but is still relevant for all auditing students.

© 2011 ACCA